The Hacker News — Cyber Security, Hacking, Technology News

By now you might be aware of the took down of two of the largest online dark websites—AlphaBay and Hansa—in what's being called the largest-ever international operation against the dark web's black market conducted by the FBI, DEA (Drug Enforcement Agency) and Dutch National Police.

But the interesting aspect of the takedown was that the federal authorities shut down AlphaBay, but took control of the Hansa market and kept it running for at least a month in an effort to monitor the activities of its visitors.

The visitors of Hansa market also included a massive flood of Alphabay refugees, as the seizer of AlphaBay Market forced their visitors to join the Hansa market for illegal trading and purchasing.

However, not just Hansa, after AlphaBay's shutdown, many of its users also joined another website known as Dream Market, which is believed to be the second-largest dark web marketplace, ahead of Hansa.

After the shutdown of both AlphaBay and Hansa, Dream Market has emerged as the leading player, but now some Reddit users on several "r/Dream_Market" threads have expressed concerns about the Dream Market, which has been in business since 2013.

One Reddit user said that Dream Market has been compromised in a similar manner as Hansa and is already under police control.

"I got contacted by an ex-Hansa staff member telling me that the operation is apparently bigger than we currently assume, that 'there will be a bloodbath, a purge' and that 'any vendor on HANSA should immediately seize his operation, lawyer up and hide his trails'," the Reddit user post read.

Possibly the Real IP of Dream Market "Mistakenly" Exposed

Another Redditor claimed to have discovered a non-encrypted IP address in Dream Market’s source code, saying that police might have taken over control of the dark market as well and are now actively monitoring its visitors.

"We found a clear address IP on the javascript source code of the market. The police must know it from a long time. GO AWAY FROM HERE RIGHT NOW !!!," the Redditor wrote along with a piece of Site's Source Code.

After exploring a bit, I found that the clearnet IP address 194.9.94.82 mentioned in the JavaScript file (lchudifyeqm4ldjj.onion/market.js) is owned by "Loopia AB," a Swedish hosting company.

This JavaScript file has not been added or altered recently, as according to some moderators, the file has been there from at least past 9 months, and the code itself doesn’t indicate any signs of hijack or interception.

However, here's the big blunder — Exposure of the possible real IP address of the server, which is supposed to be hidden behind the Tor Onion Router, is one of the biggest mistakes Dream Market operators might have made that could have already given an opportunity to law enforcement agencies to raid the hosting company and take control of the servers.

While the claims that Dream Market is under police control are yet to be verified, vendors who joined Dream Market may still be compromised by law enforcement.

Meanwhile, some anonymous users on Reddit are also encouraging dark web users to visit Dream Market, saying "CALM DOWN! DREAM IS WORKING FINE!"

Benefitted from the shutdown of its rivals, Dream Market had 57,000 listings for drugs and 4,000 listings for opioids on Thursday.